75. Which of the following statements are true about the operation of a trusted platform module (TPM) chip?

1. TPM chip is circumvented when it is shut off with physical access.

2. TPM chip has an owner password to protect data confidentiality.

3. TPM data is not cleared when the TPM chip is reset after the password is lost.

4. TPM data or owner password should be backed up to an alternative secure location.

a. 1 and 3

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

75. b. Each trusted platform module (TPM) chip requires an owner password to protect data confidentiality. Hence, the selected passwords should be strong. Either the owner password or the data on the TPM should be backed up to an alternative secure location. The TPM chip cannot be circumvented even after it is shut off by someone with physical access to the system because the chip resides on the computer motherboard. If the owner password is lost, stolen, or forgotten, the chip can be reset by clearing the TPM, but this action also clears all data stored on the TPM.

76. A trusted platform module (TPM) chip can protect which of the following?

1. Digital signatures

2. Digital certificates

3. Passwords

4. Cryptographic keys

a. 1 and 2

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

76. c. A trusted platform module (TPM) chip is a tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

The TPM chip cannot protect the digital signatures and certificates because they require complex cryptographic algorithms for digital signature generation and verification and for validating the digital certificates.

77. Which of the following security controls are needed to protect digital and nondigital media at rest on selected secondary storage devices?

1. Cryptography

2. Physical security controls

3. Locked storage container

4. Procedural security controls

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

77. a. Both digital and nondigital media should be protected with cryptography (encryption) and physical security controls when they are at rest on selected secondary storage devices. Locked storage containers and procedural security controls are not appropriate for media at rest.

78. Polyinstantiation approaches are designed to solve which of the following problems in databases?

a. Lack of tranquility

b. Lack of reflexivity

c. Lack of transitivity

d. Lack of duality

78. a. Lack of tranquility exposes what has been called the “multiple update conflict” problem. Polyinstantiation approaches are the best solution to this problem. Tranquility is a property applied to a set of controlled entities saying that their security level may not change. The principle behind tranquility is that changes to an object’s access control attributes are prohibited as long as any subject has access to the object. Reflexivity and transitivity are two basic information flow properties. Duality is a relationship between nondisclosure and integrity.

79. Which of the following strategies is used to protect against risks and vulnerabilities at every stage of system, network, and product life cycles?

a. Defense-in-breadth

b. Defense-in-depth

c. Defense-in-technology

d. Defense-in-time

79. a. A defense-in-breadth strategy is used to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or product life cycle. This is accomplished through the use of complementary, mutually reinforcing security strategies to mitigate threats, vulnerabilities, and risks.

Defense-in-depth uses layers of security, defense-in-technology uses compatible technology platforms, and defense-in-time considers different time zones in the world to operate global information systems.

80. Which of the following is a true statement about Active-X content?

1. It is language-dependent.

2. It is platform-specific.

3. It is language-independent.

4. It is not platform-specific.

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1 and 4
